2017-01-07 02:16:53 +08:00
|
|
|
/*
|
|
|
|
* Licensed to the Apache Software Foundation (ASF) under one
|
|
|
|
* or more contributor license agreements. See the NOTICE file
|
|
|
|
* distributed with this work for additional information
|
|
|
|
* regarding copyright ownership. The ASF licenses this file
|
|
|
|
* to you under the Apache License, Version 2.0 (the
|
|
|
|
* "License"); you may not use this file except in compliance
|
|
|
|
* with the License. You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing,
|
|
|
|
* software distributed under the License is distributed on an
|
|
|
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
|
|
* KIND, either express or implied. See the License for the
|
|
|
|
* specific language governing permissions and limitations
|
|
|
|
* under the License.
|
|
|
|
*/
|
|
|
|
|
2022-05-09 18:13:12 +08:00
|
|
|
#include <zephyr/kernel.h>
|
2017-01-07 02:16:53 +08:00
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include "os/os_heap.h"
|
|
|
|
|
zephyr: migrate signature type to Kconfig
Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's
mcuboot_config.h by converting them into the platform-agnostic MCUboot
definitions.
This requires some changes to the way the release test Makefile is
structured, since Kconfig symbols cannot be set from the command line.
Instead, use the OVERLAY_CONFIG feature of the Zephyr build system,
which allows specifying extra fragments to merge into the final
.config. (This is an orthogonal mechanism to setting CONF_FILE; it is
used by Zephyr's CI script sanitycheck to add additional fragments, so
it's appropriate for use by MCUboot's testing scripts as well.)
We additionally need to move to a single prj.conf file due to a
dependency issue. We can no longer determine CONF_FILE from the
signature type, since that is now determined from the final .config or
autoconf.h, which is a build output that depends on CONF_FILE.
To move to a single prj.conf:
- delete prj-p256.conf and adjust prj.conf to serve both signature types
- add a top-level mbedTLS configuration file which dispatches to
the right sub-header depending on the key type
- as a side effect, have the simulator pick the right config file
depending on the case
This fixes and cleans up quite a bit of the signature type handling,
which had become something of a mess over time. For example, it fixes
a bug in ECDSA mode's configuration that wasn't actually selecting
config-asn1.h, and forces the simulator to use the same mbedTLS
configuration file as builds for real hardware.
Finally, we also have to move the mbedTLS vs. TinyCrypt choice into
mcuboot_config.h at the same time as well, since CMakeLists.txt was
making that decision based on the signature type.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
2018-04-13 01:02:38 +08:00
|
|
|
#ifdef CONFIG_BOOT_USE_MBEDTLS
|
2017-12-12 18:10:40 +08:00
|
|
|
|
2017-01-07 02:16:53 +08:00
|
|
|
#include <mbedtls/platform.h>
|
2017-10-20 06:45:09 +08:00
|
|
|
#include <mbedtls/memory_buffer_alloc.h>
|
2017-01-07 02:16:53 +08:00
|
|
|
|
2017-10-20 06:45:09 +08:00
|
|
|
/*
|
|
|
|
* This is the heap for mbed TLS. The value needed depends on the key
|
2019-05-14 06:08:12 +08:00
|
|
|
* size and algorithm used.
|
|
|
|
*
|
|
|
|
* - RSA-2048 signing without encryption is known to work well with 6144 bytes;
|
|
|
|
* - When using RSA-2048-OAEP encryption + RSA-2048 signing, or RSA-3072
|
|
|
|
* signing (no encryption) 10240 bytes seems to be enough.
|
|
|
|
*
|
|
|
|
* NOTE: RSA-3072 signing + RSA-2048-OAEP might require growing the size...
|
2017-10-20 06:45:09 +08:00
|
|
|
*/
|
2019-05-14 06:08:12 +08:00
|
|
|
#if (CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN == 2048) && !defined(CONFIG_BOOT_ENCRYPT_RSA)
|
2017-10-20 06:45:09 +08:00
|
|
|
#define CRYPTO_HEAP_SIZE 6144
|
2018-12-17 19:17:15 +08:00
|
|
|
#else
|
2019-12-13 05:46:06 +08:00
|
|
|
# if !defined(MBEDTLS_RSA_NO_CRT)
|
2021-11-06 02:12:19 +08:00
|
|
|
# define CRYPTO_HEAP_SIZE 12032
|
2019-12-13 05:46:06 +08:00
|
|
|
# else
|
|
|
|
# define CRYPTO_HEAP_SIZE 16384
|
|
|
|
# endif
|
2018-12-17 19:17:15 +08:00
|
|
|
#endif
|
2017-01-07 02:16:53 +08:00
|
|
|
|
2017-10-20 06:45:09 +08:00
|
|
|
static unsigned char mempool[CRYPTO_HEAP_SIZE];
|
2017-01-07 02:16:53 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize mbedtls to be able to use the local heap.
|
|
|
|
*/
|
|
|
|
void os_heap_init(void)
|
|
|
|
{
|
2017-10-20 06:45:09 +08:00
|
|
|
mbedtls_memory_buffer_alloc_init(mempool, sizeof(mempool));
|
2017-01-07 02:16:53 +08:00
|
|
|
}
|
2017-11-15 02:38:06 +08:00
|
|
|
#else
|
|
|
|
void os_heap_init(void)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
#endif
|